General
Target: 4f993bfaf9966c5521f3ebe21d1ad6d6
Size: 561KB
Sample: 240110-e8g51adgfp
MD5: 4f993bfaf9966c5521f3ebe21d1ad6d6
SHA1: 78920a2e07065b5344459aacf5bbc956d7b93165
SHA256: 6b2b444ceaeae71822fa96af46e16c4227876be7e176934a857e2999025f0870
SHA512: 3bc1fc5dff58d69b0f17cb994ae68773f7c24a70bc140fdf630d12dbd54f1324e159642bf205072b0294d7d953ce868debb0c6a2eb9a4fd4e041e0e20664fe6d
SSDEEP: 12288:PM9p+gczyhNSvRbBQHR4qz91hI0zSaNsvz+yuWDVId21NaI+E8tyvX5La+NcphyQ:PBNAhyjH44lWKSMftcL1My
Static task: static1
Behavioral task: behavioral1 (Sample: 4f993bfaf9966c5521f3ebe21d1ad6d6.exe, Resource: win7-20231215-en)
Malware Config
Extracted: netwire
C2: 194.5.97.220:3387
C2: 194.5.97.220:3389
activex_autorun: false
copy_executable: false
delete_original: false
host_id: HostId-%Rand%
keylogger_dir: %AppData%\Logs\
lock_executable: false
offline_keylogger: true
password: stanlow02
registry_autorun: false
use_mutex: false
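As an added example (not part of the sandbox report and not NetWire tooling), the script below turns the extracted configuration into artifacts an analyst can act on: a C2 deny-list, a regex for the victim ID once %Rand% has been expanded, the offline keylogger's log directory expanded per user profile, a summary of what the boolean switches imply for host triage, and a check that a local copy of the sample matches the report's hashes. The configuration and hashes are transcribed from the report; the Windows profile layout and the shape of the %Rand% token are assumptions the report does not state.

```python
r"""Turn the NetWire configuration extracted above into hunt artifacts.

Added example; it is not part of the sandbox report and not NetWire tooling.
CONFIG is a transcription of the report's "Malware Config" block and
REPORT_HASHES of its hash fields. Assumptions (not stated by the report):
the default Windows profile layout (<profile>\AppData\Roaming for %AppData%)
and that %Rand% expands to one non-empty token without whitespace.
"""
import hashlib
import re
from typing import Any, Dict, List

# Transcribed from the report's Malware Config block.
CONFIG: Dict[str, Any] = {
    "family": "netwire",
    "c2": [("194.5.97.220", 3387), ("194.5.97.220", 3389)],
    "activex_autorun": False,
    "copy_executable": False,
    "delete_original": False,
    "host_id": "HostId-%Rand%",
    "keylogger_dir": "%AppData%\\Logs\\",
    "lock_executable": False,
    "offline_keylogger": True,
    "password": "stanlow02",
    "registry_autorun": False,
    "use_mutex": False,
}

# Transcribed from the report's hash fields (SHA512 omitted; same idea).
REPORT_HASHES = {
    "md5": "4f993bfaf9966c5521f3ebe21d1ad6d6",
    "sha1": "78920a2e07065b5344459aacf5bbc956d7b93165",
    "sha256": "6b2b444ceaeae71822fa96af46e16c4227876be7e176934a857e2999025f0870",
}


def c2_blocklist(cfg: Dict[str, Any]) -> List[str]:
    """Unique host:port endpoints, e.g. for a firewall or proxy deny-list."""
    return sorted({f"{host}:{port}" for host, port in cfg["c2"]})


def c2_hosts(cfg: Dict[str, Any]) -> List[str]:
    """Unique C2 hosts, for DNS/NetFlow searches that ignore the port."""
    return sorted({host for host, _ in cfg["c2"]})


def host_id_pattern(cfg: Dict[str, Any]) -> "re.Pattern[str]":
    """Regex for the victim ID as it would appear in C2 traffic or logs.
    %Rand% is replaced by \\S+ (assumption: one non-empty token)."""
    parts = [re.escape(p) for p in str(cfg["host_id"]).split("%Rand%")]
    return re.compile("^" + r"\S+".join(parts) + "$")


def keylog_dirs(cfg: Dict[str, Any], profile_roots: List[str]) -> List[str]:
    """Expand %AppData% for each user profile root so the offline keylogger's
    log directory can be listed on a suspect host (assumes Roaming AppData)."""
    template = str(cfg["keylogger_dir"])
    return [
        template.replace("%AppData%", root.rstrip("\\") + "\\AppData\\Roaming")
        for root in profile_roots
    ]


def expected_artifacts(cfg: Dict[str, Any]) -> List[str]:
    """What the boolean switches imply for triage on an infected host."""
    notes: List[str] = []
    if cfg["offline_keylogger"]:
        notes.append("keystroke logs under keylogger_dir")
    if not (cfg["registry_autorun"] or cfg["activex_autorun"]):
        notes.append("no Run/ActiveX autorun key expected")
    if not cfg["copy_executable"]:
        notes.append("binary runs from its original drop location")
    if not cfg["use_mutex"]:
        notes.append("no mutex IOC to pivot on")
    return notes


def matches_report(data: bytes) -> bool:
    """True only if every listed digest of `data` equals the report's value."""
    return all(
        hashlib.new(alg, data).hexdigest() == digest
        for alg, digest in REPORT_HASHES.items()
    )


if __name__ == "__main__":
    print("block:", c2_blocklist(CONFIG))
    print("host id regex:", host_id_pattern(CONFIG).pattern)
    print("keylog dirs:", keylog_dirs(CONFIG, ["C:\\Users\\alice"]))
    print("triage notes:", expected_artifacts(CONFIG))
```

The hash check deliberately requires all three digests to match: a copy that agrees on MD5 alone is not enough to treat a local file as the sample the report describes.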
Targets
- NetWire RAT payload
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence check so the implant can avoid running in certain locales.
- Suspicious use of SetThreadContext: this API is the usual final step of process hollowing (RunPE), where the loader redirects a suspended process's thread to injected code; the signature fires on the call itself, so confirm the injection target in the behavioral trace before relying on it.